NASFAA Member Data Not Impacted By Heartbleed Bug

News broke recently of a wide-reaching security vulnerability known as the Heartbleed bug. Heartbleed affects OpenSSL, used by a majority of the web to securely send data. In short, NASFAA member data is safe from Heartbleed. 

NASFAA systems are protected in many ways from Internet security threats such as Heartbleed, which at its core is an exploit based on code flaws in a widely used OpenSSL library.  NASFAA is not using OpenSSL libraries on any systems that contain member information. Our implementation of SSL (Secure Socket Layer) protects your information, and we continually monitor and update our systems to ensure this remains the case.

This is an unfortunate condition for those sites that are subject to it, and we're grateful that member data stored by NASFAA is not in jeopardy.

Some general steps NASFAA takes to safeguard member information and online identity include: 

  • Proactive monitoring and patching systems to protect the overall NASFAA technology infrastructure, including member data;
  • Regular upgrades to Microsoft server software and our membership database.
    • iMIS, NASFAA’s membership database and association management system, is certified PCI compliant to ensure credit card transaction are protected. Also, iMIS securely stores email addresses and login passwords for member access.  
    • Secure Socket Layer (SSL) security is loaded on the commerce component of, ensuring encrypted transmission of data across the Internet.  
  • NASFAA’s network security infrastructure actively scans and mitigates threats using a variety of methods;
  • An ongoing procedural review of our security presence as the landscape continually changes; and
  • Physical security via the presence of our key systems in audited, SSAE-16 compliant datacenter facilities.

To ensure that your other (non-NASFAA) online communications are safe, you may want to:  

  • Check with your local Internet service provider and any online merchants that have your credit card information to ensure that their own servers are safe.
  • To be safe, you should change any online passwords you may be using on a regular basis (Facebook, Google accounts, bank accounts, etc.).  It’s good practice to do this regularly and make sure you use strong passwords (that is, containing letters, numbers, symbols, and/or capitalization).  

As always, your security is our priority and we will continue to monitor the situation and update our NASFAA community. 

To learn more about how we keep your online data secure, please see our Privacy Policy.


Publication Date: 4/22/2014

You must be logged in to comment on this page.

Comments Disclaimer: NASFAA welcomes and encourages readers to comment and engage in respectful conversation about the content posted here. We value thoughtful, polite, and concise comments that reflect a variety of views. Comments are not moderated by NASFAA but are reviewed periodically by staff. Users should not expect real-time responses from NASFAA. To learn more, please view NASFAA’s complete Comments Policy.
View Desktop Version